Shorewall Download

Contents

Package Information

Before trying to install, we strongly urge you to read and print a copy of the Shorewall QuickStart Guide for the configuration that most closely matches your own.

The documentation in both XML and HTML formats is available for download from the Download Sites listed below.

NOTICE: There are three current Shorewall Release Series:

The STABLE release series is 5.1. Choose this release if you value
stability and good documentation.

The prior STABLE release series is 5.0. We release updates to this
series to correct problems but usually don't make enhancements to
it.

The Development release is generally a 5.1.x Beta; see the Home Page. Chose this release if you want to help shake
out the next Shorewall stable release. The Developement release is found
in the 'development/5.0' directory on the download sites.

Shorewall -- Together
with Shorewall-core, includes everything needed to create an
IPv4 firewall.

Shorewall6 --
Requires the Shorewall package and adds the capability to create
an IPv6 firewall.

Shorewall-lite -- a
light-weight Shorewall version that will run compiled firewall
scripts generated on a system with Shorewall installed.

Shorewall6-lite -- a
light-weight Shorewall6 version that will run compiled firewall
scripts generated on a system with Shorewall6 installed.

Shorewall-init -- an
add-on to any of the above packages that allows the firewall
state to be altered in reaction to interfaces coming up and
going down. Where Upstart
is not being used, this package can also be configured to place
the firewall in a safe state prior to bringing up the network
interfaces.

In Shorewall version 4.4.*,
the Shorewall-common, Shorewall-shell and Shorewall-perl packages
are discontinued and replaced with a single Shorewall package which
combines the functions of Shorewall-common and Shorewall-perl. The
shell-based compiler is retired. With Shorewall 4.4, there are
five packages:

Shorewall -- Includes
everything needed to create an IPv4 firewall.

Shorewall6 --
Requires the Shorewall package and adds the capability to create
an IPv6 firewall.

Shorewall-lite -- a
light-weight Shorewall version that will run compiled firewall
scripts generated on a system with Shorewall installed.

Shorewall6-lite -- a
light-weight Shorewall6 version that will run compiled firewall
scripts generated on a system with Shorewall6 installed.

Shorewall-init -- an
add-on to any of the above packages that allows the firewall
state to be altered in reaction to interfaces coming up and
going down. Where Upstart
is not being used, this package can also be configured to place
the firewall in a safe state prior to bringing up the network
interfaces.

In Shorewall version 4.2.*,
there are six packages:

Shorewall-shell -- the
legacy Shorewall configuration compiler written in Bourne Shell.
Not recommended for new installations.

Shorewall-perl -- an
implementation of the Shorewall configuration compiler written
in the Perl programming language. This compiler is much faster
than Shorewall-shell and produces a firewall script that runs
faster. It is the preferred compiler for new Shorewall
installations.

Shorewall-common -- A
base package required by both Shorewall-shell and
Shorewall-perl.

Shorewall-lite -- a
light-weight Shorewall version that will run compiled firewall
scripts generated on a system with one of the compiler packages
installed.

Shorewall6-lite -- a
light-weight Shorewall6 version that will run compiled firewall
scripts generated on a system with Shorewall6 installed.

To summarize:

If you are installing Shorewall 4.4 or later:

On at least one system in your network, you must install
the Shorewall package. If you need IPv6 firewalls then you
must also install the Shorewall6 package.

If you have a single firewall, then that system should be
your firewall system.

If you have more than one firewall, you may wish to
install Shorewall (and possibly Shorewall6) on a single administrative system
and install Shorewall-lite and/or Shorewall6-lite on the
firewalls. Doing so will allow for centralized
administration and configuration of the firewalls.

If you are installing Shorewall 4.2 or earlier:

On at least one system in your network, you must install
one or both of the compilers (Shorewall-shell and/or
Shorewall-perl; Shorewall-perl
is highly recommended), the Shorewall-common
package and possibly the Shorewall6 package.

If you only have a single firewall, then that system
should be your firewall system.

If you have more than one firewall, you may wish to
install one or both of the compilers on a single administrative
system and install Shorewall-lite and/or Shorewall6-lite on
the firewalls. Doing so will allow for centralized
administration and configuration of the firewalls.

When RPM is used to install Shorewall, the compiler
(shorewall-shell and/or shorewall-perl) and shorewall-common
must be installed in a single execution of the rpm utility.

Additionally, packages for the current Debian stable release are
available from the package maintainer's personal
page. Those packages are almost always more up-to-date
than the ones in the Debian Stable Branch.

If you run LEAF/Bering
or one if it's derivatives, you can download a .lrp file from the
Leaf site.

From the LEAF Bering-uClibc Team:

We try to provide the latest
stable version shortly after release, but we also want to do
some internal tests before making it available. So we may be
behind sometimes. But better be sure that the new version is
running on LEAF, than being too fast...

I know it's not obvious for newbies where to find the lrp on
our pages.

The lines flagged with <====== show that the Shorewall-perl
package has been updated to include two bug fixes (note the "-2"
and ".2" in the file names). The base tarballs for the release
are found in the base directory. The unified
diff files patch-4.0.6.* may be applied
sequentially to the base (4.0.6) Shorewall-perl release (from
the base directory) to
produce 4.0.6.2. The patch- files are for use by distribution
maintainers and should be ignored by end users.

The obsoleted 4.0.6 Shorewall-perl packages may be found in the
superseded directory. The
known_problems.txt
file indicates which problems are fixed in each updated package.